VYPR

Cuppacms

by Cuppacms

Source repositories

CVEs (25)

  • CVE-2022-37191MedSep 13, 2022
    risk 0.42cvss 6.5epss 0.03

    The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.

  • CVE-2022-38295MedSep 12, 2022
    risk 0.40cvss 6.1epss 0.01

    Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.

  • CVE-2022-25497MedMar 15, 2022
    risk 0.35cvss 5.3epss 0.04

    CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

  • CVE-2018-19918MedDec 31, 2018
    risk 0.35cvss 5.4epss 0.01

    CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.

  • CVE-2018-17300MedSep 21, 2018
    risk 0.31cvss 4.8epss 0.01

    Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.

Page 2 of 2